2.Development of Regulations for Handling Personal Data

The Company will formulate handling regulations for personal data, including methods of handling, responsible persons, and their duties, at each stage such as acquisition, input, use, processing, storage, transfer, transmission, and disposal or destruction, as well as responding to leakage incidents.

3.Organizational Safety Management Measures

The Company will appoint a person responsible for handling personal data, clarify the scope of personal data handled by employees, and establish a reporting and communication system to notify the responsible person of any violations or signs of violations of laws or handling regulations.

4.Human Resource Safety Management Measures

The Company will conduct regular training for employees on matters related to the handling of personal data.

5.Physical Safety Management Measures

• In areas where personal data is handled, the Company will manage employee access and restrict the use of equipment brought in, as well as implement measures to prevent unauthorized viewing of personal data. Measures will be taken to prevent theft or loss of equipment, electronic media, and documents containing personal data, and when transporting such items within the business premises, steps will be taken to ensure that personal data is not easily identifiable. When disposing of personal data, the Company will implement measures to ensure irreversible deletion or physical destruction of media containing the data.

6.Technical Safety Management Measures

• When handling personal data using information systems (including computers), including transmission to and from external sources via the internet, the Company will implement appropriate access controls to limit the scope of responsible persons and the personal information databases they handle. Access rights will be verified based on identification results to ensure that employees using information systems with personal data have legitimate access rights. The Company will implement measures to protect information systems handling personal data from unauthorized external access and malicious software. Measures will be taken and appropriately operated to prevent leakage of personal data associated with the use of information systems.